Willie Wong wrote: > On Fri, Mar 10, 2006 at 08:59:09PM -0500, Penguin Lover Jim squawked: > >>I was wondering if anyone has some easy to do tips for checking the >>security of Apache. I am running Apache/2.0.55. Is apache good with >>handling bad URL's? I remember with an IIS server I use to have I >>needed to install a url filter to help it out. I noticed that I get >>requests like the following in my apache log: >> >>70.121.133.60 - - [07/Mar/2006:21:31:05 -0500] "SEARCH >>/\x90\xc9\xc9\xc9\xc9\xc9\ >> >>The above is one line and it is 30,000 characters long in the log file. >>
You may want to look into mod_security for apache as well. IIRC it is designed to protect from such attacks. -- Michael Stewart [EMAIL PROTECTED] Gentoo Developer http://dev.gentoo.org/~vericgar GnuPG Key ID 0x08614788 available on http://pgp.mit.edu --
signature.asc
Description: OpenPGP digital signature
